CVSS Score

The vulnerability stems from error messages that contain sensitive information (CWE-209). The patch commit 'Return AdditionalInfo only to users with permission' (PR #2124) explicitly addresses the improper exposure of diagnostic data in error responses. The 'AdditionalInfo' field of the ServiceResult and ServiceResultException classes was previously populated without any authorization check, which makes that code path the root cause. It sits in the core error-handling mechanism, which is consistent with the described remote exploitation vector and the CWE-209 classification.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| OPCFoundation.NetStandard.Opc.Ua.Core | nuget | < 1.4.371.86 | 1.4.371.86 |
| OPCFoundation.NetStandard.Opc.Ua.Server | nuget | < 1.4.371.86 | 1.4.371.86 |